General Data Protection Regulation: Are you ready?

The consequences of non-compliance can be crippling for organisations, from losing customer trust to paying hefty fines. Next summer, organisations will need to comply with a new set of EU regulations that aim to ensure good practice when collecting and analysing consumer data. Profit has well and truly shifted from product to digital information – in other words, data is power. The need to protect individual data is becoming more important, especially in light of cybersecurity breaches and targeted advertising. The new European General Data Protection Regulation (GDPR) represents the most important change to data privacy in 20 years, but how can businesses prepare for enforcement, and how will it impact data analysis?

Preparing for GDPRGDPR was approved by the EU Parliament in April 2016, and will take effect on 25th May 2018. It requires all organisations that process the data of EU citizens to treat individual information according to a set of 91 articles. Article 22, for example, states that individuals have a right to be exempt from any automated decision making process that will significantly affect them. The protection of data is so important that, alongside obvious reputational damage, businesses who fail to comply with the new regulations could face a fine of €20 million – or 4 per cent of revenue, depending on which is higher). Despite the potential repercussions of non-compliance, strict data protection shouldn’t deter companies from using data analytics. Analysing information is an invaluable tool in understanding consumer markets, allowing businesses to offer products and services that resonate with customers. Instead of abandoning analytics, businesses can prepare for GDPR by ensuring that they are clearly informed about the systems and data they are using. Choosing open and controlled analytical models (instead of self-learning algorithms that basically do their own thing) will help understanding. It will also enable businesses to form a log of data use to improve accountability. For example, Direct Line is using blockchain to negotiate changes in the insurance industry. According to the financial company’s marketing director Mark Evans, “By providing a tamper-proof way to store and share personal data, it can address structural challenges.”

How will data regulations disrupt businesses?Data regulations will change how businesses use machine learning algorithms to deal with data. Companies are likely to be deterred from using AI platforms or services that they don’t fully understand in fear of facing investigation. This will encourage respect for personal data, rather than simply using it as a tool for revenue. The regulatory changes could even play an education role by essentially forcing companies to become better informed about the analytics they use. In an ideal world, opaque black box systems will eventually be replaced by comprehensible white box platforms. There are further implications for artificial intelligence itself. For example, an improved understanding of the technology could help to dispel paranoia about the demise of humanity at the virtual hands of AI. Restricting data usage will have a profoundly disruptive impact on the big tech firms, who are essentially data companies. GAFA and other Silicon Valley giants are so powerful that they can probably get hold of whatever information they like, and may not take too kindly to restrictions in the EU and Britain. These corporations are also heavily invested in machine learning systems, and GDPR (not to mention future regulations) could disrupt their research. On the other hand, it could help them to establish themselves as universal AI providers by meeting a certain standard.

In a world fuelled by data, protecting information is paramount. When so much of our data is handled by machine learning algorithms, it can be difficult to fully comprehend how and what info is being used. GDPR makes it the responsibility of organisations themselves to protect individual data by favouring open, accessible systems. This will disrupt IT infrastructures and business strategies, but it will also change the application of Artificial Intelligence. For some businesses, it will improve customer trust and bring about a better comprehension of the technology they use. For others, it could well be a hindrance. Regardless of which camp an organisation falls into, they will need to get ready for the enforcement of GDPR. . . unless they want to incur serious damage to their accounts and reputation. Of course, there’s still time for businesses to prepare – but the clock is ticking.

Is your business ready for GDPR? Will the new regulations have a positive impact on the use of self-learning algorithms? How will AI giants react to data controls? Share your thoughts and opinions.